Hacker Mastermind “Sabu” Worked As FBI Informant Since Last Summer

by Samantha Lowell

As the Anonymous collective continues to reel in shock after LulzSec mastermind “Sabu” was exposed as an FBI mole, damage to the loose-knit hacker group continues to mount, and an increasingly unflattering personal picture of the man who turned on LulzSec emerges. For the last nine months, Sabu has tweeted, hacked, and acted at the FBI’s direction, identifying other members of LulzSec and Anonymous and sowing disinformation.

Describing himself, 28-year-old Hector Xavier Monsegur, aka “Sabu,” said in the interview, “I’m not some cape-wearing hero, nor am I some supervillain trying to bring down the good guys. I’m just doing what I know how to do, and that is counter abuse.”

This week, however, the FBI and authorities in the United Kingdom moved in and made arrests. Others charged in indictments unsealed last week include Ryan Ackroyd, 23, of Doncaster, United Kingdom, aka “Kayla,” Jeremy Hammond, 27, of Chicago, aka “Anarchaos,” Donncha O’Cearrbhail, 19, of Birr, Ireland, aka “Palladium,” Darren Martyn, 25, of Galway, Ireland, aka “Pwnsauce,” and Jake Davis, 29, of Lerwick, Shetland Islands, United Kingdom, aka “Topiary.”

LulzSec, an offshoot of Anonymous, took credit for a range of hacking attacks on government and private sector websites. LulzSec’s previous targets included the CIA, Britain’s Serious Organized Crime Agency, Japan’s Sony Corp, security contractor HBGary and a host of others, including targets in Ireland and Mexico.

FBI spokesmen revealed on Wednesday that leading Anonymous hacker “Sabu” — real name Hector Xavier Monsegur, aged 28 — had been acting as an informant since his arrest last June. Monsegur’s handlers revealed that he was online between 8 and 16 hours a day and was watched by monitoring software and by an agent who “supervised his online activity 24 hours a day.”

Thieves, Not Robin Hood Or Jolly Rogues

Monsegur, a welfare father living in a housing project on New York’s Lower East Side, pled guilty to three counts of computer hacking conspiracy, five counts of computer hacking, one count of computer hacking in furtherance of fraud, one count of conspiracy to commit access device fraud, one count of conspiracy to commit bank fraud, and one count of aggravated identity theft. The charges could have carried a total sentence of 125 years to life in prison, whichever is shorter. Despite Monsegur’s status as a so-called “hacktivist” and high-profile hacker, he had little money, lived in public housing and used a public defender; furthermore, many of his crimes were monetary.

Describing himself, Monsegur said “I’m just doing what I know how to do, and that is counter abuse.” However, the details of his life show a far less flattering picture, that of a bully and thief who enjoyed causing trouble for those around him in both his physical and digital spaces. Monsegur paid bills using stolen credit card numbers, and at one time hacked into an auto parts company and had them send him over $3000 worth of parts. Furthermore, Monsegur was disliked by his neighbors for being a loud, disruptive partier. Neighbors frequently complained to police about constant noise and the smell of marijuana smoke in his housing project apartment.

Neighbors frequently complained that for two years Monsegur made excessive noise until 4 AM: wrestling on the floor, pounding, rapping and screaming to loud music, and chasing a pitbull around the apartment. They also reported two young girls running back and forth around the apartment and numerous other individuals arriving at all hours.

Monsegur seemed to enjoy antagonizing his neighbors, replying to requests to stop the noise with an obscenity and making even more noise, having all parties involved stomp their feet simultaneously and laugh. Monsegur’s FBI handlers described him as “brilliant but lazy”.

Monsegur, described as a skilled, self-taught hacker with no college education, functioned primarily as a “digger”, seeking vulnerabilities to exploit. Ironically, his arrest, after years of hacks on high-profile targets, was the result of a rookie mistake: in a single mundane post, he neglected to mask his IP address, and alert FBI watchers moved in immediately. Most of Anonymous’ attacks are relatively low-skill Distributed Denial of Service (DDoS) attacks. LulzSec’s comparatively sophisticated crimes are an anomaly, according to FBI cybercrimes analysts.

Anti-Sec’s abrupt announcement of the group’s closure last June was genuine. The announcement coincided with Monsegur’s arrest at his small apartment in a Manhattan housing complex on June 7, 2011. His last tweet as “the Real Sabu,” just before his arrest, was cryptic: “Trust no one”.

However, by August, Anti-Sec was inexplicably back in operation again, only with a twist: Monsegur was freed on bail and began functioning as an informant, continuing to speak on Twitter and elsewhere as Sabu. As part of Monsegur’s plea arrangement, the FBI allowed Monsegur to act as an informant and agreed to drop other charges, including hacking into an online casino, identity theft, using and trying to sell marijuana, and buying $15,000 worth of merchandise with a former employer’s credit card.

For several months, Monsegur provided information on his accomplices and sowed false information, preventing tens of thousands of dollars of damage in would-be hacks.

The Rise And Fall Of LulzSec

LulzSec is an offshoot of the loose-knit hacker collective Anonymous. Taking inspiration from the hacking and Internet community as well as popular culture — particularly the 2005 film “V for Vendetta” in which a masked hero fights a dystopian government — Anonymous emerged in the middle of the last decade. However, while Anonymous has no acknowledged leader, Sabu was the acknowledged leader of LulzSec and always played an active role, providing real-time assistance with hacks and giving specific directions. Nobody took action without first informing him.

Originally known as “Internet Feds”, between December 2010 and May 2011, the accused engaged in a series of cyber attacks that included breaking into computer systems, stealing confidential information, publicly disclosing stolen confidential information, hijacking victims’ e-mail and Twitter accounts, and defacing victims’ Internet websites. The accused are charged with the hack of the website of Fine Gael, a political party in Ireland; the hack of computer systems used by security firms HBGary, Inc. and its affiliate HBGary Federal, LLC, from which LulzSec stole confidential data pertaining to 80,000 user accounts; and the hack of computer systems used by Fox Broadcasting Company, from which Internet Feds stole confidential data relating to more than 70,000 potential contestants on “X-Factor,” a Fox television show.

In May 2011, following the publicity that they had generated as a result of their hacks, the group formed a new hacking group called “Lulz Security” or “LulzSec.” By December 2011, the group had stolen credit card information valued in excess of $700,000.

The Fallout

Ackroyd, Davis and Martyn each are charged with two counts of computer hacking conspiracy. Each conspiracy count carries a maximum sentence of 10 years in prison. O’Cearrbhail is charged with one count of intentionally disclosing an unlawfully intercepted wire communication, for which he faces five years in prison, and one count of computer hacking conspiracy, for which he faces 10 years in prison. Hammond is charged with one count of computer hacking conspiracy, one count of computer hacking, and one count of conspiracy to commit access device fraud. Each count carries a maximum sentence of 10 years in prison. All of the accused have been previously arrested.

With Monsegur deep in the confidence of many LulzSec and Anonymous members, the Anonymous community is reacting with varying degrees of bravado, denial, and fear. One pro-LulzSec site defiantly compared LulzSec to a hydra, with two heads growing where one is severed. Others are more genuinely frightened.

In response to this attack, the group hacked Panda Security, a Spanish antivirus firm, and defaced its website, leaving an embittered farewell to its former leader: “It’s sad and we can’t imagine how it feels having to look at the mirror each morning and see there the guy who shopped their friends to police.”

One thing is certain and that’s that LulzSec/Anti-Sec is weakened, but still fighting. What is not certain is how many others will be picked up as secondary arrests. Many who formerly crowed about their association and service to Anonymous are now suspiciously inactive or keeping a low profile. As further arrests and indictments are announced by the FBI, we may see some familiar names. The message is a clear one, however – any member of Anonymous may be an FBI informant, and any may turn in his fellows.

For now, we can only appreciate the efforts of those who bring these criminals to justice, and watch, and wait.


SCIFI Radio Staff